X-Git-Url: https://git.lttng.org/?a=blobdiff_plain;f=src%2Fcommon%2Frunas.c;h=4bb45b0453ceba40f6e219d84b14d5b01792479b;hb=a0377dfefe40662ba7d68617bce6ff467114136c;hp=9f30996e2ae77f6e2a8ad5a26ace9f00b0eda879;hpb=93bed9fe8f48c11b7bb1224db36d82404cea080d;p=lttng-tools.git

diff --git a/src/common/runas.c b/src/common/runas.c
index 9f30996e2..4bb45b045 100644
--- a/src/common/runas.c
+++ b/src/common/runas.c
@@ -1,51 +1,48 @@
 /*
- * Copyright (C) 2011 - David Goulet <david.goulet@polymtl.ca>
- *                      Mathieu Desnoyers <mathieu.desnoyers@efficios.com>
- *               2019 - Jérémie Galarneau <jeremie.galarneau@efficios.com>
+ * Copyright (C) 2011 David Goulet <david.goulet@polymtl.ca>
+ * Copyright (C) 2011 Mathieu Desnoyers <mathieu.desnoyers@efficios.com>
+ * Copyright (C) 2019 Jérémie Galarneau <jeremie.galarneau@efficios.com>
  *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License, version 2 only,
- * as published by the Free Software Foundation.
+ * SPDX-License-Identifier: GPL-2.0-only
  *
- * This program is distributed in the hope that it will be useful, but WITHOUT
- * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
- * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
- * more details.
- *
- * You should have received a copy of the GNU General Public License along
- * with this program; if not, write to the Free Software Foundation, Inc.,
- * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
  */
 
 #define _LGPL_SOURCE
-#include <errno.h>
+#include <fcntl.h>
+#include <grp.h>
 #include <limits.h>
+#include <pwd.h>
+#include <sched.h>
+#include <signal.h>
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
-#include <sys/wait.h>
-#include <sys/types.h>
 #include <sys/stat.h>
+#include <sys/types.h>
+#include <sys/wait.h>
 #include <unistd.h>
-#include <fcntl.h>
-#include <sched.h>
-#include <signal.h>
-#include <assert.h>
-#include <signal.h>
 
+#include <common/bytecode/bytecode.h>
 #include <common/lttng-kernel.h>
 #include <common/common.h>
 #include <common/utils.h>
+#include <common/compat/errno.h>
 #include <common/compat/getenv.h>
-#include <common/compat/prctl.h>
+#include <common/compat/string.h>
 #include <common/unix.h>
 #include <common/defaults.h>
 #include <common/lttng-elf.h>
+#include <common/thread.h>
 
 #include <lttng/constant.h>
 
+#include <common/sessiond-comm/sessiond-comm.h>
+#include <common/filter/filter-ast.h>
+
 #include "runas.h"
 
+#define GETPW_BUFFER_FALLBACK_SIZE 4096
+
 struct run_as_data;
 struct run_as_ret;
 typedef int (*run_as_fct)(struct run_as_data *data, struct run_as_ret *ret_value);
@@ -67,6 +64,7 @@ enum run_as_cmd {
 	RUN_AS_RENAMEAT,
 	RUN_AS_EXTRACT_ELF_SYMBOL_OFFSET,
 	RUN_AS_EXTRACT_SDT_PROBE_OFFSETS,
+	RUN_AS_GENERATE_FILTER_BYTECODE,
 };
 
 struct run_as_mkdir_data {
@@ -90,6 +88,7 @@ struct run_as_unlink_data {
 struct run_as_rmdir_data {
 	int dirfd;
 	char path[LTTNG_PATH_MAX];
+	int flags; /* enum lttng_directory_handle_rmdir_recursive_flags. */
 } LTTNG_PACKED;
 
 struct run_as_extract_elf_symbol_offset_data {
@@ -103,6 +102,10 @@ struct run_as_extract_sdt_probe_offsets_data {
 	char provider_name[LTTNG_SYMBOL_NAME_LEN];
 } LTTNG_PACKED;
 
+struct run_as_generate_filter_bytecode_data {
+	char filter_expression[LTTNG_FILTER_MAX_LEN];
+} LTTNG_PACKED;
+
 struct run_as_rename_data {
 	/*
 	 * [0] = old_dirfd
@@ -123,7 +126,12 @@ struct run_as_extract_elf_symbol_offset_ret {
 
 struct run_as_extract_sdt_probe_offsets_ret {
 	uint32_t num_offset;
-	uint64_t offsets[LTTNG_KERNEL_MAX_UPROBE_NUM];
+	uint64_t offsets[LTTNG_KERNEL_ABI_MAX_UPROBE_NUM];
+} LTTNG_PACKED;
+
+struct run_as_generate_filter_bytecode_ret {
+	/* A lttng_bytecode_filter struct with 'dynamic' payload. */
+	char bytecode[LTTNG_FILTER_MAX_LEN];
 } LTTNG_PACKED;
 
 struct run_as_data {
@@ -136,6 +144,7 @@ struct run_as_data {
 		struct run_as_rename_data rename;
 		struct run_as_extract_elf_symbol_offset_data extract_elf_symbol_offset;
 		struct run_as_extract_sdt_probe_offsets_data extract_sdt_probe_offsets;
+		struct run_as_generate_filter_bytecode_data generate_filter_bytecode;
 	} u;
 	uid_t uid;
 	gid_t gid;
@@ -162,6 +171,7 @@ struct run_as_ret {
 		struct run_as_open_ret open;
 		struct run_as_extract_elf_symbol_offset_ret extract_elf_symbol_offset;
 		struct run_as_extract_sdt_probe_offsets_ret extract_sdt_probe_offsets;
+		struct run_as_generate_filter_bytecode_ret generate_filter_bytecode;
 	} u;
 	int _errno;
 	bool _error;
@@ -315,6 +325,13 @@ static const struct run_as_command_properties command_properties[] = {
 		.out_fd_count = 0,
 		.use_cwd_fd = false,
 	},
+	[RUN_AS_GENERATE_FILTER_BYTECODE] = {
+		.in_fds_offset = -1,
+		.in_fd_count = 0,
+		.out_fds_offset = -1,
+		.out_fd_count = 0,
+		.use_cwd_fd = false,
+	},
 };
 
 struct run_as_worker {
@@ -350,22 +367,27 @@ int _mkdirat_recursive(struct run_as_data *data, struct run_as_ret *ret_value)
 {
 	const char *path;
 	mode_t mode;
-	struct lttng_directory_handle handle;
+	struct lttng_directory_handle *handle;
 
 	path = data->u.mkdir.path;
 	mode = data->u.mkdir.mode;
 
-	(void) lttng_directory_handle_init_from_dirfd(&handle,
-			data->u.mkdir.dirfd);
+	handle = lttng_directory_handle_create_from_dirfd(data->u.mkdir.dirfd);
+	if (!handle) {
+		ret_value->_errno = errno;
+		ret_value->_error = true;
+		ret_value->u.ret = -1;
+		goto end;
+	}
 	/* Ownership of dirfd is transferred to the handle. */
 	data->u.mkdir.dirfd = -1;
 	/* Safe to call as we have transitioned to the requested uid/gid. */
-	ret_value->u.ret =
-			lttng_directory_handle_create_subdirectory_recursive(
-					&handle, path, mode);
+	ret_value->u.ret = lttng_directory_handle_create_subdirectory_recursive(
+			handle, path, mode);
 	ret_value->_errno = errno;
 	ret_value->_error = (ret_value->u.ret) ? true : false;
-	lttng_directory_handle_fini(&handle);
+	lttng_directory_handle_put(handle);
+end:
 	return ret_value->u.ret;
 }
 
@@ -374,22 +396,27 @@ int _mkdirat(struct run_as_data *data, struct run_as_ret *ret_value)
 {
 	const char *path;
 	mode_t mode;
-	struct lttng_directory_handle handle;
+	struct lttng_directory_handle *handle;
 
 	path = data->u.mkdir.path;
 	mode = data->u.mkdir.mode;
 
-	(void) lttng_directory_handle_init_from_dirfd(&handle,
-			data->u.mkdir.dirfd);
+	handle = lttng_directory_handle_create_from_dirfd(data->u.mkdir.dirfd);
+	if (!handle) {
+		ret_value->u.ret = -1;
+		ret_value->_errno = errno;
+		ret_value->_error = true;
+		goto end;
+	}
 	/* Ownership of dirfd is transferred to the handle. */
 	data->u.mkdir.dirfd = -1;
 	/* Safe to call as we have transitioned to the requested uid/gid. */
-	ret_value->u.ret =
-			lttng_directory_handle_create_subdirectory(
-					&handle, path, mode);
+	ret_value->u.ret = lttng_directory_handle_create_subdirectory(
+			handle, path, mode);
 	ret_value->_errno = errno;
 	ret_value->_error = (ret_value->u.ret) ? true : false;
-	lttng_directory_handle_fini(&handle);
+	lttng_directory_handle_put(handle);
+end:
 	return ret_value->u.ret;
 }
 
@@ -397,14 +424,19 @@ static
 int _open(struct run_as_data *data, struct run_as_ret *ret_value)
 {
 	int fd;
-	struct lttng_directory_handle handle;
+	struct lttng_directory_handle *handle;
 
-	(void) lttng_directory_handle_init_from_dirfd(&handle,
-			data->u.open.dirfd);
+	handle = lttng_directory_handle_create_from_dirfd(data->u.open.dirfd);
+	if (!handle) {
+		ret_value->_errno = errno;
+		ret_value->_error = true;
+		ret_value->u.ret = -1;
+		goto end;
+	}
 	/* Ownership of dirfd is transferred to the handle. */
 	data->u.open.dirfd = -1;
 
-	fd = lttng_directory_handle_open_file(&handle,
+	fd = lttng_directory_handle_open_file(handle,
 			data->u.open.path, data->u.open.flags,
 			data->u.open.mode);
 	if (fd < 0) {
@@ -417,64 +449,83 @@ int _open(struct run_as_data *data, struct run_as_ret *ret_value)
 
 	ret_value->_errno = errno;
 	ret_value->_error = fd < 0;
-	lttng_directory_handle_fini(&handle);
+	lttng_directory_handle_put(handle);
+end:
 	return ret_value->u.ret;
 }
 
 static
 int _unlink(struct run_as_data *data, struct run_as_ret *ret_value)
 {
-	struct lttng_directory_handle handle;
+	struct lttng_directory_handle *handle;
 
-	(void) lttng_directory_handle_init_from_dirfd(&handle,
-			data->u.unlink.dirfd);
+	handle = lttng_directory_handle_create_from_dirfd(data->u.unlink.dirfd);
+	if (!handle) {
+		ret_value->u.ret = -1;
+		ret_value->_errno = errno;
+		ret_value->_error = true;
+		goto end;
+	}
 
 	/* Ownership of dirfd is transferred to the handle. */
 	data->u.unlink.dirfd = -1;
 
-	ret_value->u.ret = lttng_directory_handle_unlink_file(&handle,
+	ret_value->u.ret = lttng_directory_handle_unlink_file(handle,
 			data->u.unlink.path);
 	ret_value->_errno = errno;
 	ret_value->_error = (ret_value->u.ret) ? true : false;
-	lttng_directory_handle_fini(&handle);
+	lttng_directory_handle_put(handle);
+end:
 	return ret_value->u.ret;
 }
 
 static
 int _rmdir(struct run_as_data *data, struct run_as_ret *ret_value)
 {
-	struct lttng_directory_handle handle;
+	struct lttng_directory_handle *handle;
 
-	(void) lttng_directory_handle_init_from_dirfd(&handle,
-			data->u.rmdir.dirfd);
+	handle = lttng_directory_handle_create_from_dirfd(data->u.rmdir.dirfd);
+	if (!handle) {
+		ret_value->u.ret = -1;
+		ret_value->_errno = errno;
+		ret_value->_error = true;
+		goto end;
+	}
 
 	/* Ownership of dirfd is transferred to the handle. */
 	data->u.rmdir.dirfd = -1;
 
 	ret_value->u.ret = lttng_directory_handle_remove_subdirectory(
-			&handle, data->u.rmdir.path);
+			handle, data->u.rmdir.path);
 	ret_value->_errno = errno;
 	ret_value->_error = (ret_value->u.ret) ? true : false;
-	lttng_directory_handle_fini(&handle);
+	lttng_directory_handle_put(handle);
+end:
 	return ret_value->u.ret;
 }
 
 static
 int _rmdir_recursive(struct run_as_data *data, struct run_as_ret *ret_value)
 {
-	struct lttng_directory_handle handle;
+	struct lttng_directory_handle *handle;
 
-	(void) lttng_directory_handle_init_from_dirfd(&handle,
-			data->u.rmdir.dirfd);
+	handle = lttng_directory_handle_create_from_dirfd(data->u.rmdir.dirfd);
+	if (!handle) {
+		ret_value->u.ret = -1;
+		ret_value->_errno = errno;
+		ret_value->_error = true;
+		goto end;
+	}
 
 	/* Ownership of dirfd is transferred to the handle. */
 	data->u.rmdir.dirfd = -1;
 
 	ret_value->u.ret = lttng_directory_handle_remove_subdirectory_recursive(
-			&handle, data->u.rmdir.path);
+			handle, data->u.rmdir.path, data->u.rmdir.flags);
 	ret_value->_errno = errno;
 	ret_value->_error = (ret_value->u.ret) ? true : false;
-	lttng_directory_handle_fini(&handle);
+	lttng_directory_handle_put(handle);
+end:
 	return ret_value->u.ret;
 }
 
@@ -482,26 +533,35 @@ static
 int _rename(struct run_as_data *data, struct run_as_ret *ret_value)
 {
 	const char *old_path, *new_path;
-	struct lttng_directory_handle old_handle, new_handle;
+	struct lttng_directory_handle *old_handle = NULL, *new_handle = NULL;
 
 	old_path = data->u.rename.old_path;
 	new_path = data->u.rename.new_path;
 
-	(void) lttng_directory_handle_init_from_dirfd(&old_handle,
+	old_handle = lttng_directory_handle_create_from_dirfd(
 			data->u.rename.dirfds[0]);
-	(void) lttng_directory_handle_init_from_dirfd(&new_handle,
+	if (!old_handle) {
+		ret_value->u.ret = -1;
+		goto end;
+	}
+	new_handle = lttng_directory_handle_create_from_dirfd(
 			data->u.rename.dirfds[1]);
+	if (!new_handle) {
+		ret_value->u.ret = -1;
+		goto end;
+	}
 
 	/* Ownership of dirfds are transferred to the handles. */
 	data->u.rename.dirfds[0] = data->u.rename.dirfds[1] = -1;
 
 	/* Safe to call as we have transitioned to the requested uid/gid. */
 	ret_value->u.ret = lttng_directory_handle_rename(
-			&old_handle, old_path, &new_handle, new_path);
+			old_handle, old_path, new_handle, new_path);
+end:
+	lttng_directory_handle_put(old_handle);
+	lttng_directory_handle_put(new_handle);
 	ret_value->_errno = errno;
 	ret_value->_error = (ret_value->u.ret) ? true : false;
-	lttng_directory_handle_fini(&old_handle);
-	lttng_directory_handle_fini(&new_handle);
 	return ret_value->u.ret;
 }
 
@@ -511,15 +571,17 @@ int _extract_elf_symbol_offset(struct run_as_data *data,
 		struct run_as_ret *ret_value)
 {
 	int ret = 0;
+	uint64_t offset;
 
 	ret_value->_error = false;
 	ret = lttng_elf_get_symbol_offset(data->u.extract_elf_symbol_offset.fd,
 			 data->u.extract_elf_symbol_offset.function,
-			 &ret_value->u.extract_elf_symbol_offset.offset);
+			 &offset);
 	if (ret) {
 		DBG("Failed to extract ELF function offset");
 		ret_value->_error = true;
 	}
+	ret_value->u.extract_elf_symbol_offset.offset = offset;
 
 	return ret;
 }
@@ -547,7 +609,7 @@ int _extract_sdt_probe_offsets(struct run_as_data *data,
 		goto end;
 	}
 
-	if (num_offset <= 0 || num_offset > LTTNG_KERNEL_MAX_UPROBE_NUM) {
+	if (num_offset <= 0 || num_offset > LTTNG_KERNEL_ABI_MAX_UPROBE_NUM) {
 		DBG("Wrong number of probes.");
 		ret = -1;
 		ret_value->_error = true;
@@ -583,6 +645,48 @@ int _extract_sdt_probe_offsets(struct run_as_data *data,
 }
 #endif
 
+static
+int _generate_filter_bytecode(struct run_as_data *data,
+		struct run_as_ret *ret_value) {
+	int ret = 0;
+	const char *filter_expression = NULL;
+	struct filter_parser_ctx *ctx = NULL;
+
+	ret_value->_error = false;
+
+	filter_expression = data->u.generate_filter_bytecode.filter_expression;
+
+	if (lttng_strnlen(filter_expression, LTTNG_FILTER_MAX_LEN - 1) == LTTNG_FILTER_MAX_LEN - 1) {
+		ret_value->_error = true;
+		ret = -1;
+		goto end;
+	}
+
+	ret = filter_parser_ctx_create_from_filter_expression(filter_expression, &ctx);
+	if (ret < 0) {
+		ret_value->_error = true;
+		ret = -1;
+		goto end;
+	}
+
+	DBG("Size of bytecode generated: %u bytes.",
+			bytecode_get_len(&ctx->bytecode->b));
+
+	/* Copy the lttng_bytecode_filter object to the return structure. */
+	memcpy(ret_value->u.generate_filter_bytecode.bytecode,
+			&ctx->bytecode->b,
+			sizeof(ctx->bytecode->b) +
+					bytecode_get_len(&ctx->bytecode->b));
+
+end:
+	if (ctx) {
+		filter_bytecode_free(ctx);
+		filter_ir_free(ctx);
+		filter_parser_ctx_free(ctx);
+	}
+
+	return ret;
+}
 static
 run_as_fct run_as_enum_to_fct(enum run_as_cmd cmd)
 {
@@ -612,6 +716,8 @@ run_as_fct run_as_enum_to_fct(enum run_as_cmd cmd)
 		return _extract_elf_symbol_offset;
 	case RUN_AS_EXTRACT_SDT_PROBE_OFFSETS:
 		return _extract_sdt_probe_offsets;
+	case RUN_AS_GENERATE_FILTER_BYTECODE:
+		return _generate_filter_bytecode;
 	default:
 		ERR("Unknown command %d", (int) cmd);
 		return NULL;
@@ -626,14 +732,14 @@ int do_send_fds(int sock, const int *fds, unsigned int fd_count)
 
 	for (i = 0; i < fd_count; i++) {
 		if (fds[i] < 0) {
-			ERR("Attempt to send invalid file descriptor to master (fd = %i)",
+			DBG("Attempt to send invalid file descriptor (fd = %i)",
 					fds[i]);
 			/* Return 0 as this is not a fatal error. */
 			return 0;
 		}
-        }
+	}
 
-        len = lttcomm_send_fds_unix_sock(sock, fds, fd_count);
+	len = lttcomm_send_fds_unix_sock(sock, fds, fd_count);
 	return len < 0 ? -1 : 0;
 }
 
@@ -659,9 +765,9 @@ int do_recv_fds(int sock, int *fds, unsigned int fd_count)
 			ERR("Invalid file descriptor received from worker (fd = %i)", fds[i]);
 			/* Return 0 as this is not a fatal error. */
 		}
-        }
+	}
 end:
-        return ret;
+	return ret;
 }
 
 static
@@ -682,9 +788,9 @@ int send_fds_to_worker(const struct run_as_worker *worker,
 			ret = -1;
 			goto end;
 		}
-        }
+	}
 
-        ret = do_send_fds(worker->sockpair[0], COMMAND_IN_FDS(data),
+	ret = do_send_fds(worker->sockpair[0], COMMAND_IN_FDS(data),
 			COMMAND_IN_FD_COUNT(data));
 	if (ret < 0) {
 		PERROR("Failed to send file descriptor to run-as worker");
@@ -714,10 +820,14 @@ int send_fds_to_master(struct run_as_worker *worker, enum run_as_cmd cmd,
 	}
 
 	for (i = 0; i < COMMAND_OUT_FD_COUNT(cmd); i++) {
-		int ret_close = close(COMMAND_OUT_FDS(cmd, run_as_ret)[i]);
+		int fd = COMMAND_OUT_FDS(cmd, run_as_ret)[i];
+		if (fd >= 0) {
+			int ret_close = close(fd);
 
-		if (ret_close < 0) {
-			PERROR("Failed to close result file descriptor");
+			if (ret_close < 0) {
+				PERROR("Failed to close result file descriptor (fd = %i)",
+						fd);
+			}
 		}
 	}
 end:
@@ -758,6 +868,10 @@ int recv_fds_from_master(struct run_as_worker *worker, struct run_as_data *data)
 		goto end;
 	}
 
+	if (COMMAND_IN_FD_COUNT(data) == 0) {
+		goto end;
+	}
+
 	ret = do_recv_fds(worker->sockpair[1], COMMAND_IN_FDS(data),
 			COMMAND_IN_FD_COUNT(data));
 	if (ret < 0) {
@@ -787,18 +901,210 @@ end:
 	return ret;
 }
 
+static int get_user_infos_from_uid(
+		uid_t uid, char **username, gid_t *primary_gid)
+{
+	int ret;
+	char *buf = NULL;
+	long raw_get_pw_buf_size;
+	size_t get_pw_buf_size;
+	struct passwd pwd;
+	struct passwd *result = NULL;
+
+	/* Fetch the max size for the temporary buffer. */
+	errno = 0;
+	raw_get_pw_buf_size = sysconf(_SC_GETPW_R_SIZE_MAX);
+	if (raw_get_pw_buf_size < 0) {
+		if (errno != 0) {
+			PERROR("Failed to query _SC_GETPW_R_SIZE_MAX");
+			goto error;
+		}
+
+		/* Limit is indeterminate. */
+		WARN("Failed to query _SC_GETPW_R_SIZE_MAX as it is "
+			"indeterminate; falling back to default buffer size");
+		raw_get_pw_buf_size = GETPW_BUFFER_FALLBACK_SIZE;
+	}
+
+	get_pw_buf_size = (size_t) raw_get_pw_buf_size;
+
+	buf = zmalloc(get_pw_buf_size);
+	if (buf == NULL) {
+		PERROR("Failed to allocate buffer to get password file entries");
+		goto error;
+	}
+
+	ret = getpwuid_r(uid, &pwd, buf, get_pw_buf_size, &result);
+	if (ret < 0) {
+		PERROR("Failed to get user information for user:  uid = %d",
+				(int) uid);
+		goto error;
+	}
+
+	if (result == NULL) {
+		ERR("Failed to find user information in password entries: uid = %d",
+				(int) uid);
+		ret = -1;
+		goto error;
+	}
+
+	*username = strdup(result->pw_name);
+	if (*username == NULL) {
+		PERROR("Failed to copy user name");
+		goto error;
+	}
+
+	*primary_gid = result->pw_gid;
+
+end:
+	free(buf);
+	return ret;
+error:
+	*username = NULL;
+	*primary_gid = -1;
+	ret = -1;
+	goto end;
+}
+
+static int demote_creds(
+		uid_t prev_uid, gid_t prev_gid, uid_t new_uid, gid_t new_gid)
+{
+	int ret = 0;
+	gid_t primary_gid;
+	char *username = NULL;
+
+	/* Change the group id. */
+	if (prev_gid != new_gid) {
+		ret = setegid(new_gid);
+		if (ret < 0) {
+			PERROR("Failed to set effective group id: new_gid = %d",
+					(int) new_gid);
+			goto end;
+		}
+	}
+
+	/* Change the user id. */
+	if (prev_uid != new_uid) {
+		ret = get_user_infos_from_uid(new_uid, &username, &primary_gid);
+		if (ret < 0) {
+			goto end;
+		}
+
+		/*
+		 * Initialize the supplementary group access list.
+		 *
+		 * This is needed to handle cases where the supplementary groups
+		 * of the user the process is demoting-to would give it access
+		 * to a given file/folder, but not it's primary group.
+		 *
+		 * e.g
+		 *   username: User1
+		 *   Primary Group: User1
+		 *   Secondary group: Disk, Network
+		 *
+		 *   mkdir inside the following directory must work since User1
+		 *   is part of the Network group.
+		 *
+		 *   drwxrwx--- 2 root Network 4096 Jul 23 17:17 /tmp/my_folder/
+		 *
+		 *
+		 * The order of the following initgroups and seteuid calls is
+		 * important here;
+		 * Only a root process or one with CAP_SETGID capability can
+		 * call the the initgroups() function. We must initialize the
+		 * supplementary groups before we change the effective
+		 * UID to a less-privileged user.
+		 */
+		ret = initgroups(username, primary_gid);
+		if (ret < 0) {
+			PERROR("Failed to init the supplementary group access list: "
+					"username = `%s`, primary gid = %d", username,
+					(int) primary_gid);
+			goto end;
+		}
+
+		ret = seteuid(new_uid);
+		if (ret < 0) {
+			PERROR("Failed to set effective user id: new_uid = %d",
+					(int) new_uid);
+			goto end;
+		}
+	}
+end:
+	free(username);
+	return ret;
+}
+
+static int promote_creds(
+		uid_t prev_uid, gid_t prev_gid, uid_t new_uid, gid_t new_gid)
+{
+	int ret = 0;
+	gid_t primary_gid;
+	char *username = NULL;
+
+	/* Change the group id. */
+	if (prev_gid != new_gid) {
+		ret = setegid(new_gid);
+		if (ret < 0) {
+			PERROR("Failed to set effective group id: new_gid = %d",
+					(int) new_gid);
+			goto end;
+		}
+	}
+
+	/* Change the user id. */
+	if (prev_uid != new_uid) {
+		ret = get_user_infos_from_uid(new_uid, &username, &primary_gid);
+		if (ret < 0) {
+			goto end;
+		}
+
+		/*
+		 * seteuid call must be done before the initgroups call because
+		 * we need to be privileged (CAP_SETGID) to call initgroups().
+		 */
+		ret = seteuid(new_uid);
+		if (ret < 0) {
+			PERROR("Failed to set effective user id: new_uid = %d",
+					(int) new_uid);
+			goto end;
+		}
+
+		/*
+		 * Initialize the supplementary group access list.
+		 *
+		 * There is a possibility the groups we set in the following
+		 * initgroups() call are not exactly the same as the ones we
+		 * had when we originally demoted. This can happen if the
+		 * /etc/group file is modified after the runas process is
+		 * forked. This is very unlikely.
+		 */
+		ret = initgroups(username, primary_gid);
+		if (ret < 0) {
+			PERROR("Failed to init the supplementary group access "
+					"list: username = `%s`, primary gid = %d",
+					username, (int) primary_gid)
+			goto end;
+		}
+	}
+end:
+	free(username);
+	return ret;
+}
+
 /*
  * Return < 0 on error, 0 if OK, 1 on hangup.
  */
 static
 int handle_one_cmd(struct run_as_worker *worker)
 {
-	int ret = 0;
-        struct run_as_data data = {};
-        ssize_t readlen, writelen;
-        struct run_as_ret sendret = {};
-        run_as_fct cmd;
-	uid_t prev_euid;
+	int ret = 0, promote_ret;
+	struct run_as_data data = {};
+	ssize_t readlen, writelen;
+	struct run_as_ret sendret = {};
+	run_as_fct cmd;
+	const uid_t prev_ruid = getuid();
+	const gid_t prev_rgid = getgid();
 
 	/*
 	 * Stage 1: Receive run_as_data struct from the master.
@@ -836,24 +1142,9 @@ int handle_one_cmd(struct run_as_worker *worker)
 		goto end;
 	}
 
-	prev_euid = getuid();
-	if (data.gid != getegid()) {
-		ret = setegid(data.gid);
-		if (ret < 0) {
-			sendret._error = true;
-			sendret._errno = errno;
-			PERROR("setegid");
-			goto write_return;
-		}
-	}
-	if (data.uid != prev_euid) {
-		ret = seteuid(data.uid);
-		if (ret < 0) {
-			sendret._error = true;
-			sendret._errno = errno;
-			PERROR("seteuid");
-			goto write_return;
-		}
+	ret = demote_creds(prev_ruid, prev_rgid, data.uid, data.gid);
+	if (ret < 0) {
+		goto write_return;
 	}
 
 	/*
@@ -873,7 +1164,7 @@ write_return:
 	ret = cleanup_received_fds(&data);
 	if (ret < 0) {
 		ERR("Error cleaning up FD");
-		goto end;
+		goto promote_back;
 	}
 
 	/*
@@ -885,7 +1176,7 @@ write_return:
 	if (writelen < sizeof(sendret)) {
 		PERROR("lttcomm_send_unix_sock error");
 		ret = -1;
-		goto end;
+		goto promote_back;
 	}
 
 	/*
@@ -894,15 +1185,17 @@ write_return:
 	ret = send_fds_to_master(worker, data.cmd, &sendret);
 	if (ret < 0) {
 		DBG("Sending FD to master returned an error");
-		goto end;
 	}
 
-	if (seteuid(prev_euid) < 0) {
-		PERROR("seteuid");
-		ret = -1;
-		goto end;
-	}
 	ret = 0;
+
+promote_back:
+	/* Return to previous uid/gid. */
+	promote_ret = promote_creds(data.uid, data.gid, prev_ruid, prev_rgid);
+	if (promote_ret < 0) {
+		ERR("Failed to promote back to the initial credentials");
+	}
+
 end:
 	return ret;
 }
@@ -922,11 +1215,10 @@ int run_as_worker(struct run_as_worker *worker)
 	memset(worker->procname, 0, proc_orig_len);
 	strncpy(worker->procname, DEFAULT_RUN_AS_WORKER_NAME, proc_orig_len);
 
-	ret = lttng_prctl(PR_SET_NAME,
-			(unsigned long) DEFAULT_RUN_AS_WORKER_NAME, 0, 0, 0);
+	ret = lttng_thread_setname(DEFAULT_RUN_AS_WORKER_NAME);
 	if (ret && ret != -ENOSYS) {
 		/* Don't fail as this is not essential. */
-		PERROR("prctl PR_SET_NAME");
+		DBG("Failed to set pthread name attribute");
 	}
 
 	memset(&sendret, 0, sizeof(sendret));
@@ -1155,7 +1447,7 @@ int run_as_create_worker_no_lock(const char *procname,
 	struct run_as_ret recvret;
 	struct run_as_worker *worker;
 
-	assert(!global_worker);
+	LTTNG_ASSERT(!global_worker);
 	if (!use_clone()) {
 		/*
 		 * Don't initialize a worker, all run_as tasks will be performed
@@ -1192,6 +1484,9 @@ int run_as_create_worker_no_lock(const char *procname,
 		reset_sighandler();
 
 		set_worker_sighandlers();
+
+		logger_set_thread_name("Run-as worker", true);
+
 		if (clean_up_func) {
 			if (clean_up_func(clean_up_user_data) < 0) {
 				ERR("Run-as post-fork clean-up failed, exiting.");
@@ -1222,7 +1517,7 @@ int run_as_create_worker_no_lock(const char *procname,
 			ret = -1;
 		}
 		worker->sockpair[1] = -1;
-	        free(worker->procname);
+		free(worker->procname);
 		free(worker);
 		LOG(ret ? PRINT_ERR : PRINT_DBG, "run_as worker exiting (ret = %d)", ret);
 		exit(ret ? EXIT_FAILURE : EXIT_SUCCESS);
@@ -1301,7 +1596,7 @@ void run_as_destroy_worker_no_lock(void)
 		if (WIFEXITED(status)) {
 			LOG(WEXITSTATUS(status) == 0 ? PRINT_DBG : PRINT_ERR,
 					DEFAULT_RUN_AS_WORKER_NAME " terminated with status code %d",
-				        WEXITSTATUS(status));
+					WEXITSTATUS(status));
 			break;
 		} else if (WIFSIGNALED(status)) {
 			ERR(DEFAULT_RUN_AS_WORKER_NAME " was killed by signal %d",
@@ -1346,7 +1641,7 @@ int run_as(enum run_as_cmd cmd, struct run_as_data *data,
 	if (use_clone()) {
 		DBG("Using run_as worker");
 
-		assert(global_worker);
+		LTTNG_ASSERT(global_worker);
 
 		ret = run_as_cmd(global_worker, cmd, data, ret_value, uid, gid);
 		saved_errno = ret_value->_errno;
@@ -1443,7 +1738,7 @@ error:
 
 LTTNG_HIDDEN
 int run_as_open(const char *path, int flags, mode_t mode, uid_t uid,
-                gid_t gid)
+		gid_t gid)
 {
 	return run_as_openat(AT_FDCWD, path, flags, mode, uid, gid);
 }
@@ -1453,8 +1748,8 @@ int run_as_openat(int dirfd, const char *path, int flags, mode_t mode,
 		uid_t uid, gid_t gid)
 {
 	int ret;
-        struct run_as_data data = {};
-        struct run_as_ret run_as_ret = {};
+	struct run_as_data data = {};
+	struct run_as_ret run_as_ret = {};
 
 	DBG3("openat() fd = %d%s, path = %s, flags = %X, mode = %d, uid %d, gid %d",
 			dirfd, dirfd == AT_FDCWD ? " (AT_FDCWD)" : "",
@@ -1537,13 +1832,13 @@ error:
 }
 
 LTTNG_HIDDEN
-int run_as_rmdir_recursive(const char *path, uid_t uid, gid_t gid)
+int run_as_rmdir_recursive(const char *path, uid_t uid, gid_t gid, int flags)
 {
-	return run_as_rmdirat_recursive(AT_FDCWD, path, uid, gid);
+	return run_as_rmdirat_recursive(AT_FDCWD, path, uid, gid, flags);
 }
 
 LTTNG_HIDDEN
-int run_as_rmdirat_recursive(int dirfd, const char *path, uid_t uid, gid_t gid)
+int run_as_rmdirat_recursive(int dirfd, const char *path, uid_t uid, gid_t gid, int flags)
 {
 	int ret;
 	struct run_as_data data = {};
@@ -1558,6 +1853,7 @@ int run_as_rmdirat_recursive(int dirfd, const char *path, uid_t uid, gid_t gid)
 		goto error;
 	}
 	data.u.rmdir.dirfd = dirfd;
+	data.u.rmdir.flags = flags;
 	run_as(dirfd == AT_FDCWD ? RUN_AS_RMDIR_RECURSIVE : RUN_AS_RMDIRAT_RECURSIVE,
 			&data, &run_as_ret, uid, gid);
 	errno = run_as_ret._errno;
@@ -1613,7 +1909,7 @@ int run_as_extract_elf_symbol_offset(int fd, const char* function,
 {
 	int ret;
 	struct run_as_data data = {};
-        struct run_as_ret run_as_ret = {};
+	struct run_as_ret run_as_ret = {};
 
 	DBG3("extract_elf_symbol_offset() on fd=%d and function=%s "
 			"with for uid %d and gid %d", fd, function,
@@ -1689,6 +1985,50 @@ error:
 	return ret;
 }
 
+LTTNG_HIDDEN
+int run_as_generate_filter_bytecode(const char *filter_expression,
+		const struct lttng_credentials *creds,
+		struct lttng_bytecode **bytecode)
+{
+	int ret;
+	struct run_as_data data = {};
+	struct run_as_ret run_as_ret = {};
+	const struct lttng_bytecode *view_bytecode = NULL;
+	struct lttng_bytecode *local_bytecode = NULL;
+	const uid_t uid = lttng_credentials_get_uid(creds);
+	const gid_t gid = lttng_credentials_get_gid(creds);
+
+	DBG3("generate_filter_bytecode() from expression=\"%s\" for uid %d and gid %d",
+			filter_expression, (int) uid, (int) gid);
+
+	ret = lttng_strncpy(data.u.generate_filter_bytecode.filter_expression, filter_expression,
+			sizeof(data.u.generate_filter_bytecode.filter_expression));
+	if (ret) {
+		goto error;
+	}
+
+	run_as(RUN_AS_GENERATE_FILTER_BYTECODE, &data, &run_as_ret, uid, gid);
+	errno = run_as_ret._errno;
+	if (run_as_ret._error) {
+		ret = -1;
+		goto error;
+	}
+
+	view_bytecode = (const struct lttng_bytecode *) run_as_ret.u.generate_filter_bytecode.bytecode;
+
+	local_bytecode = zmalloc(sizeof(*local_bytecode) + view_bytecode->len);
+	if (!local_bytecode) {
+		ret = -ENOMEM;
+		goto error;
+	}
+
+	memcpy(local_bytecode, run_as_ret.u.generate_filter_bytecode.bytecode,
+			sizeof(*local_bytecode) + view_bytecode->len);
+	*bytecode = local_bytecode;
+error:
+	return ret;
+}
+
 LTTNG_HIDDEN
 int run_as_create_worker(const char *procname,
 		post_fork_cleanup_cb clean_up_func,